Search CVE reports
1 – 10 of 83 results
CVE-2024-56827
Medium priorityA flaw was found in the OpenJPEG project. A heap buffer overflow condition may be triggered when certain options are specified while using the opj_decompress utility. This can lead to an application crash or other undefined behavior.
7 affected packages
blender, ghostscript, insighttoolkit4, openjpeg, openjpeg2...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
blender | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
ghostscript | Not affected | Not affected | Not affected | Needs evaluation | Needs evaluation |
insighttoolkit4 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
openjpeg | Not in release | Not in release | Not in release | — | Not affected |
openjpeg2 | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
qtwebengine-opensource-src | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | — |
texmaker | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2024-56826
Medium priorityA flaw was found in the OpenJPEG project. A heap buffer overflow condition may be triggered when certain options are specified while using the opj_decompress utility. This can lead to an application crash or other undefined behavior.
7 affected packages
blender, ghostscript, insighttoolkit4, openjpeg, openjpeg2...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
blender | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
ghostscript | Not affected | Not affected | Not affected | Needs evaluation | Needs evaluation |
insighttoolkit4 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
openjpeg | Not in release | Not in release | Not in release | — | Not affected |
openjpeg2 | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
qtwebengine-opensource-src | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | — |
texmaker | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2024-7006
Medium prioritySome fixes available 7 of 23
A null pointer dereference flaw was found in Libtiff via `tif_dirinfo.c`. This issue may allow an attacker to trigger memory allocation failures through certain means, such as restricting the heap space size or injecting faults,...
5 affected packages
gdal, neuron, qtwebengine-opensource-src, texmaker, tiff
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
gdal | Not affected | Not affected | Not affected | Not affected | Needs evaluation |
neuron | Not affected | Needs evaluation | Needs evaluation | Needs evaluation | — |
qtwebengine-opensource-src | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | — |
texmaker | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
tiff | Fixed | Fixed | Fixed | Fixed | Fixed |
CVE-2024-6716
Low priorityRejected reason: Invalid security issue.
5 affected packages
gdal, neuron, qtwebengine-opensource-src, texmaker, tiff
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
gdal | Not affected | Not affected | Not affected | Not affected | Needs evaluation |
neuron | Not affected | Needs evaluation | Needs evaluation | Needs evaluation | — |
qtwebengine-opensource-src | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | — |
texmaker | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
tiff | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
CVE-2023-39329
Medium priorityA flaw was found in OpenJPEG. A resource exhaustion can occur in the opj_t1_decode_cblks function in tcd.c through a crafted image file, causing a denial of service.
7 affected packages
blender, ghostscript, insighttoolkit4, openjpeg, openjpeg2...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
blender | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
ghostscript | Not affected | Not affected | Not affected | Needs evaluation | Needs evaluation |
insighttoolkit4 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
openjpeg | Not in release | Not in release | Not in release | — | Needs evaluation |
openjpeg2 | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
qtwebengine-opensource-src | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | — |
texmaker | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2023-39327
Medium prioritySome fixes available 6 of 35
A flaw was found in OpenJPEG. Maliciously constructed pictures can cause the program to enter a large loop and continuously print warning messages on the terminal.
7 affected packages
blender, ghostscript, insighttoolkit4, openjpeg, openjpeg2...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
blender | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
ghostscript | Not affected | Not affected | Not affected | Needs evaluation | Needs evaluation |
insighttoolkit4 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
openjpeg | Not in release | Not in release | Not in release | — | Needs evaluation |
openjpeg2 | Fixed | Fixed | Fixed | Fixed | Fixed |
qtwebengine-opensource-src | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | — |
texmaker | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2023-39328
Medium priorityA vulnerability was found in OpenJPEG similar to CVE-2019-6988. This flaw allows an attacker to bypass existing protections and cause an application crash through a maliciously crafted file.
7 affected packages
blender, ghostscript, insighttoolkit4, openjpeg, openjpeg2...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
blender | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
ghostscript | Not affected | Not affected | Not affected | Needs evaluation | Needs evaluation |
insighttoolkit4 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
openjpeg | Not in release | Not in release | Not in release | — | Needs evaluation |
openjpeg2 | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
qtwebengine-opensource-src | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | — |
texmaker | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2023-52356
Medium prioritySome fixes available 8 of 23
A segment fault (SEGV) flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFReadRGBATileExt() API. This flaw allows a remote attacker to cause a heap-buffer overflow, leading to a denial of service.
4 affected packages
gdal, qtwebengine-opensource-src, texmaker, tiff
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
gdal | Not affected | Not affected | Not affected | Not affected | Needs evaluation |
qtwebengine-opensource-src | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Not in release |
texmaker | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
tiff | Fixed | Fixed | Fixed | Fixed | Fixed |
CVE-2023-52355
Negligible priorityAn out-of-memory flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFRasterScanlineSize64() API. This flaw allows a remote attacker to cause a denial of service via a crafted input with a...
5 affected packages
gdal, neuron, qtwebengine-opensource-src, texmaker, tiff
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
gdal | — | Not affected | Not affected | Not affected | Ignored |
neuron | — | Ignored | Ignored | Ignored | Not in release |
qtwebengine-opensource-src | — | Ignored | Ignored | Ignored | Not in release |
texmaker | — | Ignored | Ignored | Ignored | Ignored |
tiff | — | Ignored | Ignored | Ignored | Ignored |
CVE-2023-45311
Medium priorityfsevents before 1.2.11 depends on the https://fsevents-binaries.s3-us-west-2.amazonaws.com URL, which might allow an adversary to execute arbitrary code if any JavaScript project (that depends on fsevents) distributes code that...
2 affected packages
npm, qtwebengine-opensource-src
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
npm | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
qtwebengine-opensource-src | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Ignored |